WG Meeting: 2024-10-22

# WG Meeting: 2024-10-22 ## Agenda - Updates about IPSIE / SSWG coordination - Which specs to take to final - Gartner interop updates ## Attendees - Atul Tulshibagwale (SGNL) - David McNealy (Delinea) - Dean H. Saxe (Beyond Identity) - Keiko Itakura (Okta) - Martin Gallo (Individual) - Rajvardhan Deshmukh (Cisco) - Stan Bounev (VeriClouds) - Swathi Kollavajjala (Cisco) - Thomas Darimont (OIDF) - Tim Cappalli (Okta) - Jay Leslie (Easy Dynamics) - Yair Sarig (Omnissa) - Jen Schreiber (Workday) - Tushar Raibhandare (Google) ## Notes ### IPSIE - Interoperability Profile for Secure Identity in the Enterprise (IPSIE) ### Gartner interop update - [Committed participants list](https://docs.google.com/document/d/1hF6CSGB4hIGeWUX2yRL-5yOi_88-S3UMtYvz2u4ToJo/edit?usp=sharing) - (David McNeely) Is there a test harness by which we can prove interoperability - (Atul) Right now, we need to do peer-to-peer testing, but a test harness is under development ### Which specs to take to final - (Atul) Last call discussed that only SSF should be taken to final. I would like to propose that all specs should be taken to final - (Tim) The counterpoint is that the specs should be held off in favor of the schema based work - (Atul) We should <lot of discussion here></lot> ### Schema based definition of events - (David McNeely) The OCSF.io defines schemas, we should look at what they do - They seem to have a schema framework - maybe we can reuse the schema that OCSF has defined (https://schema.ocsf.io) - (Jen) How do we make progress on the process front. - (Atul) Talk to Mike Jones, I will introduce ### General - (Stan) Where are the open issues? - (Atul) They are in the [GitHub repo](https://github.com/openid/sharedsignals/issues) - (Thomas) For those participating in the interop event, please also take a look at the SSF test interop profile. - (Thomas) Would it be possible to try out the SSF conformance tests available by then at the Interop Event and give us (OIDF) feedback on them? We could provide a staging environment with tests that you can run against your environments. We currently have basic tests for the transmitter part: - Transmitter Metadata Checks - Check SSF Endpoints TLS requirements - Stream Management (CRUD) - Subject Management (Update/Remove) Things that are currently missing: - Option to run SSF Spec tests with CAEP Interop profile - Some transmitter metadata checks - Receiver tests Would that help you somehow? - (Thomas) Having a real implementation (other than CAEP.dev) would help build the conformance test suite ## Action Items